What is CVE-2023-3817?

CVE-2023-3817 is a vulnerability in Openssl, classified under CWE-606. Published 2023-07-31.

Is CVE-2023-3817 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2023-3817

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience lon…

EPSS: 0.004 (57.8th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 3.1.0, 3.0.0, 1.1.1

Weakness classification (CWE)

CWE-606

Public proof-of-concept exploits

FawazMalik-jjj/CONTAIN-SEC-FALCON
adegoodyer/kubernetes-admin-toolkit
chnzzh/OpenSSL-CVE-lib
datacode09/platform_
equinixmetal-buildkite/trivy-buildkite-plugin
fkie-cad/nvd-json-data-feeds
ksoclabs/image-vulnerability-search
seal-community/patches
sonalvijit/cve
testing-felickz/docker-scout-demo

References

OpenSSL Advisory (vendor-advisory)
3.1.2 git commit (patch)
3.0.10 git commit (patch)
1.1.1v git commit (patch)
1.0.2zi patch (premium) (patch)

Frequently asked questions

What is CVE-2023-3817?: CVE-2023-3817 is a vulnerability in Openssl, classified under CWE-606. Published 2023-07-31.
Is CVE-2023-3817 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.